Cross-platform malware is still a rare occurrence, so when it's detected, it usually attracts more attention than the malware engineered to affect only one particular platform.

A recent one, detected by McAfee and "named" IncognitoRAT attacks both Windows and Mac OS users. So, how does it manage to do it?

"IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms," explains McAfee's Carlos Castillo.

"The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs.

Once the .jar file is converted, it is executed and downloads a number of Java-based libraries that allow the attacker to remotely control the keyboard and mouse of the affected computer, to play MP3 files and videos, to record images taken by the computer's webcam, and to send stolen information to a predefined email account.

A .jar component dropped by the downloader makes sure that the principal malware - which performs the actions mentioned above, and more - is executed. But, the thing that really caught the researchers' attention is the fact that the botnet created by these infected machines might be able to crash the machines and apparently show a curious message to the user:

"According to public information, this malicious code is available for Windows, Mac OS X, and iPhone/iPad (the last only to control infected computers)," remarks Castillo. "However, we’ve seen only the PC version in a downloader/dropper in the wild."

Spotlight

Microsoft Edge, the new browser in Windows 10, represents a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Sun Tzu's writings have been studied throughout the ages by professional militaries and can used to not only answer the question of whether or not we are in a cyberwar, but how one can fight a cyber-battle.

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.